You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: SVG files can contain Javascript in <script> tags. Browsers are smart enough to ignore scripts embedded in SVG files included via IMG tags. However, a direct request for an SVG file will result in the scripts being executed.
So an embedded SVG as an attachment in an issue or avatar does not execute the code, but if a user clicks on the attachment the code will execute.
Proof of concept:
Step1: Login into the subrion using the admin role.
Step2: In the uploads choose file upload and upload a malicious SVG file.
Step3: Now open that file which was saved as 1.svg the below output will be shown.
URL Where XSS got executed. http://localhost/subrion_cms_4.2.1/uploads/1%20-%20Copy.svg?_t=1534094451
Affected software: Subrion CMS v 4.2.1
Type of vulnerability: XSS via svg fileupload
URL: https://subrion.org/
Discovered by: BreachLock
Website: https://www.breachlock.com
Author: Balvinder Singh
Description: SVG files can contain Javascript in <script> tags. Browsers are smart enough to ignore scripts embedded in SVG files included via IMG tags. However, a direct request for an SVG file will result in the scripts being executed.
So an embedded SVG as an attachment in an issue or avatar does not execute the code, but if a user clicks on the attachment the code will execute.
Proof of concept:
Step1: Login into the subrion using the admin role.
Step2: In the uploads choose file upload and upload a malicious SVG file.
Step3: Now open that file which was saved as 1.svg the below output will be shown.
URL Where XSS got executed.
http://localhost/subrion_cms_4.2.1/uploads/1%20-%20Copy.svg?_t=1534094451
Vulnerable URL: http://localhost/subrion_cms_4.2.1/panel/uploads/#elf_l1_XA
The text was updated successfully, but these errors were encountered: